(54) ACCESS RIGHT CONTROLLING DEVICE
(57) Abstract:

PURPOSE: To control access rights comprehensively in an access right controlling device for a file system.

CONSTITUTION: An access right judging part 16 compares the information about file attribute values held by an access right control part 13, together with the access right determined by an access right investigating part 14, with the attribute value of the file read by an attribute reading part 15. It judges whether the attribute value attached to the file to be accessed and the access right requested by the user fall within the information about file attribute values read from the access right control part 13. When they do, it judges that there is no access right to the file, and the part 16 informs an access instruction receiving part 12 that the user who issued the access instruction has no access right.
* NOTICES *

JPO and INPIT are not responsible for any
damages caused by the use of this translation.

1. This document has been translated by computer. So the translation may not reflect the original
precisely.

2. **** shows the word which can not be translated.
3. In the drawings, any words are not translated.



CLAIMS 



[Claim(s)] 

[Claim 1] Access privilege management equipment characterized by having: an attribute value holding
means which holds information about the attribute values of files set as the object of access control; an
attribute value judging means which judges whether the attribute value attached to the file that is the
object of an access instruction is included in the attribute value, or the range of attribute values, of the
files held by said attribute value holding means; and an access privilege decision means which determines
whether an access privilege to the file that is the object of the access instruction exists, with reference to
the result of said judgment.



[Translation done.] 
DETAILED DESCRIPTION



[Detailed Description of the Invention] 
[0001] 

[Industrial Application] This invention relates to access privilege management equipment which
performs security management of a file system.

[0002] In this description, the various kinds of operations that can be performed on a file are all
included in the term "access".

[0003] 

[Description of the Prior Art] In a conventional file system, access control to a file was decided by
attributes set for each individual file, such as its access privileges or a password.

[0004] For example, in Unix, as shown in drawing 10, every file has three access privileges, a Read
right, a Write right and an Execute right, and whether each is permitted can be set separately for three
classes of user: the owner of the file, the owner's group and others. In drawing 10, all access privileges
are assigned to the owner of the file, all access privileges are assigned to the owner's group, and others
are restricted to the Read right only.

[0005] In access control by password, a password is set on the file beforehand; when an access request
for the file arrives, entry of the password set on the file is required, and access is permitted only when
the entered password is correct.
[0006] 

[Problem(s) to be Solved by the Invention] Since the information about access privileges is set on each
file individually, an access control that restricts access to a whole set of files, such as "no one can access
files whose date and time of creation is in 1993 or later" or "no user has an access privilege to files with
title A", required the access privilege to be set on every file one by one, which took much time and
effort.

[0007] This invention aims at providing access privilege management equipment which can manage
access privileges comprehensively.

[0008] 

[Means for Solving the Problem] In order to solve the above technical problem, the access privilege
management equipment of this invention is characterized by having: an attribute value holding means
which holds information about the attribute values of files set as the object of access control; an attribute
value judging means which judges whether the attribute value attached to the file that is the object of a
user's access instruction is included in the attribute value, or range of attribute values, of the files held by
said attribute value holding means; and an access privilege decision means which determines whether an
access privilege to the file exists, with reference to the result of the judgment by said attribute value
judging means.

[0009] Attribute values attached to a file include, for example, the date and time of creation, the
implementer (the user who created or last modified the file) and the title name. The information about the
attribute values of files set as the object of access control is a value, or a range of values, of said date and
time of creation, implementer, etc.
[0010]

[Function] When a user issues an access instruction, the attribute value judging means reads from the
attribute value holding means the information about the attribute values of files set as the object of access
control, and reads from the file the attribute value attached to the file that is the object of the user's
access instruction. It then judges whether the attribute value attached to that file is included in the
attribute value, or range of attribute values, read from said attribute value holding means. When, as a
result of the judgment by said attribute value judging means, the attribute value attached to the file is
included in the held attribute value or range of attribute values, the access privilege decision means
determines that the user who issued the access instruction has no access privilege to the file (or,
alternatively, that the user has the access privilege).

[0011] Access to a file can thus be controlled by attributes such as the date and time of creation, the
implementer and the title name: by setting a specific value or range of values for an attribute attached to
files as the information about file attribute values, it becomes possible to manage the access privileges of a
whole set of files comprehensively.
[0012] 

[Example] Hereafter, one example of a file management system to which the access privilege
management equipment of this invention is applied is explained with reference to the drawings.
[0013] Drawing 1 is a block diagram showing the functional configuration of the file management
system 1 in this example. In the drawing, 11 is a file system, 12 is an access instruction receipt section, 13
is an access privilege management section, 14 is an access privilege investigation section, 15 is an
attribute reading section and 16 is an access privilege judging section. Of these, the access privilege
management equipment 10 is constituted by the access privilege management section 13, the access
privilege investigation section 14, the attribute reading section 15 and the access privilege judging section
16.

[0014] The file system 11 manages multiple files according to a file management process. A file stored
in the file system 11 consists of a content block holding data such as text or image data, and an attribute
section holding the attributes attached to the file, such as its date and time of creation, implementer and
title name. When the user who issued the access instruction has the access privilege, the user's access
instruction is passed from the access instruction receipt section 12 to the file system 11, and the file
access by the user is then performed through an operation activation section (not illustrated).

[0015] The access instruction receipt section 12 receives the access instruction to the file system 11 from
a user and first passes this access instruction to the access privilege management equipment 10. When the
decision that the user who issued the access instruction has the access privilege is received from the access
privilege management equipment 10, the user's access instruction is passed to the file system 11. When
the decision that the user does not have the access privilege is received, the user's access instruction is
not passed to the file system 11.

[0016] The access privilege management section 13 holds, as the information about the attribute values
of files set as the object of access control, an attribute identifier for identifying an attribute, an attribute
value or range of attribute values for that attribute identifier, and the access privilege and target user
name for that attribute value or range. The fundamental configuration of the table managed by the access
privilege management section 13 is shown in drawing 2. Each record of the table has the items "attribute
name", giving the attribute identifier; "attribute value", the corresponding value or range; "user name",
the target user; and "access privilege", the access privilege that is denied. The table of drawing 2 expresses
that the user specified in the "user name" column cannot have the access privilege specified in the "access
privilege" column for a file whose attribute named in the "attribute name" column has the value specified
in the "attribute value" column. Records can be written, added and corrected through a user interface, so
the information about file attribute values can be changed.
[0017] The access privilege management section 13 can realize its function as access privilege
management equipment if at least an attribute identifier and an attribute value, or an attribute identifier
and a range of attribute values, are registered. For example, if the attribute identifier is made the date and
time of creation and a creation year (A.D.) is set as the attribute value, an access control such as "no one
can access files whose date and time of creation is in 1993 or later" can be performed.
[0018] The access privilege investigation section 14 interprets the access instruction received by the
access instruction receipt section 12, and detects the access privilege required to execute that access
instruction. The detected access privilege is passed to the access privilege judging section 16.

[0019] The attribute reading section 15 reads from the file system 11 the attribute value attached to the
file that is the object of the access instruction. As mentioned above, a file has an attribute section holding
its date and time of creation, implementer, title name and so on, and the required attribute value is read
from this attribute section. The read attribute value is passed to the access privilege judging section 16.

[0020] The access privilege judging section 16 compares the information about file attribute values
managed by the access privilege management section 13, together with the access privilege detected by
the access privilege investigation section 14, with the attribute value of the file read by the attribute
reading section 15, and judges whether the attribute value attached to the file to be accessed and the
user's access privilege are contained in the information about file attribute values read from the access
privilege management section 13. When, as a result of this judgment, the attribute value and the access
privilege are contained in the information about file attribute values, it determines that there is no access
privilege to the file, and notifies the access instruction receipt section 12 that the user who issued the
access instruction has no access privilege. When the attribute value and the access privilege are not
contained in the information about file attribute values, it determines that there is an access privilege to
the file, and notifies the access instruction receipt section 12 that the user has the access privilege.

[0021] Alternatively, by changing the meaning of the table (drawing 2) of the access privilege
management section 13, it can be determined that there is an access privilege to the file when the
attribute value and access privilege of the access instruction are contained in the information about file
attribute values, and that there is no access privilege when they are not; that is, the table is read as a list
of permitted rather than denied accesses.
[0022] Drawing 3 shows an example of realizing the file management system 1 of drawing 1, namely the
hardware configuration of a computer system functioning as a file server.
[0023] A CRT 21 is a user interface equipped with a display screen, and displays text data, graphics, etc.
on the screen. Such image display is controlled by a CRT control section (not illustrated).

[0024] A keyboard (KB) 22 is a user interface for inputting data such as commands and character strings,
and a mouse (not illustrated) for making selections on the screen is connected to it. The various data and
directions input from the keyboard 22 are sent to the processor 25 through a keyboard/mouse control
section (not illustrated).

[0025] A disk unit 23 consists of large-capacity storage such as a magnetic disk, and stores various data
in file form. Input and output of data in the disk unit 23 are managed by a disk unit control section (not
illustrated).

[0026] Main memory 24 is a buffer store consisting of memory devices such as RAM, and temporarily
holds various programs as well as the data, instructions, etc. input from the keyboard 22. Part or all of the
programs and data that the processor 25 needs are copied into main memory 24 from secondary storage
such as the disk unit 23.
[0027] A processor 25 is a central processing unit consisting of a CPU and its peripheral circuits; it
controls the operation of each of the above parts according to a control program and performs data
processing on the given data.

[0028] A communications control section 26 connects to a network (not illustrated) and controls the
transmission and reception of data between the user machines, such as personal computers and
workstations, operated by users of the file system, and other servers.
[0029] An access instruction is issued to the file server shown in drawing 3 through the network from a
remote user machine. In this case, the remote user machine needs to be equipped with at least the
function of the communications control section 26. Needless to say, the file server can also be accessed
locally.

[0030] Next, the flow of the fundamental processing in the file management system 1 described above,
when an access instruction to the file system is received from a user, is explained with the flow chart of
drawing 4.
[0031] When the access instruction receipt section 12 receives an access instruction to the file system 11
from a user, it requests the access privilege management equipment 10 to judge whether the user who
issued the access instruction has the access privilege (step 101, step 102). The access privilege
management equipment 10 judges the access privilege according to the flow chart of drawing 5, described
later, and passes the judgment result to the access instruction receipt section 12 (step 103). The access
instruction receipt section 12 interprets the received judgment result and checks whether the user who
issued the access instruction has the access privilege (step 104). When the user has the access privilege,
the access instruction is passed to the file system 11 (step 105). When the user does not have the access
privilege, the access instruction is not passed to the file system 11 (step 106).

[0032] In addition, when the user does not have the access privilege, an error may be returned to the
user through the communications control section 26 (drawing 3) etc.
[0033] Next, the flow of processing in the access privilege management equipment 10 when a request to
judge whether a user has the access privilege arrives from the access instruction receipt section 12 is
explained with the flow chart of drawing 5.

[0034] First, the access privilege judging section 16 requests the access privilege investigation section 14
to examine the access privilege required to execute the access instruction received by the access
instruction receipt section 12. The access privilege investigation section 14 interprets the requested access
instruction and detects the access privilege required to execute it (step 201). The detected access privilege
is passed to the access privilege judging section 16. The access privilege judging section 16 then reads
from the access privilege management section 13 the information about the attribute values of files set as
the object of access control (step 202), and reads the attribute value of the file to be accessed through the
attribute reading section 15 (step 203). The access privilege judging section 16 compares the access
privilege detected by the access privilege investigation section 14 and the file attribute information read
from the access privilege management section 13 with the attribute value of the file read by the attribute
reading section 15, and judges whether the attribute value attached to the file to be accessed and the
user's access privilege are contained in the information about file attribute values read from the access
privilege management section 13 (step 204, step 205). When they are contained, it determines that the
user has no access privilege and notifies the access instruction receipt section 12 that the user has no
access privilege (step 206). When they are not contained, it decides that the user has the access privilege
and notifies the access instruction receipt section 12 that the user has the access privilege (step 207).

[0035] Drawings 6 to 8 show examples of the table managed by the access privilege management section
13. Next, an example of the processing by which the access privilege judging section 16 judges whether
the attribute value attached to the file to be accessed and the user's access privilege are contained in the
information about file attribute values is explained using the table of drawing 6.

[0036] The table shown in drawing 6 takes the time at which the file was created as the controlled
attribute value, and controls access by "CreateDateAndTime", the attribute which stores the date and
time of creation. The attribute value is expressed as a time range consisting of a minimum value (the
beginning of the period) and a maximum value (the end of the period). The following contents are set in
this table.

[0037] "User A does not have the Read right to files created from 0:00:00 on January 1, 1992 to 0:00:00
on January 1, 1993."

"User B does not have the Read right to files created from 0:00:00 on October 10, 1989 to 0:00:00 on
October 10, 1990."

Consider the case where, with this information held in the table, User A issues a Read access instruction
for a file created on October 10, 1992.
[0038] First, the access privilege investigation section 14 interprets the access instruction requested by
the access privilege judging section 16 and detects the access privilege required to execute it; the result is
Read. Next, the access privilege judging section 16 reads from the access privilege management section 13
the information about the attribute values of files set as the object of access control, as in drawing 6.
Then the access privilege judging section 16 reads the attribute value of the file to be accessed (in this
example, the date and time of creation) through the attribute reading section 15. The conditions for
judging User A's access privilege are now assembled.

[0039] Here, the flow of processing for judging whether the attribute value attached to the file and the
user's access privilege are contained in the information about file attribute values read from the access
privilege management section 13 is explained with the flow chart of drawing 9.

[0040] First, it checks whether a record whose user name agrees with the name of the user who issued
the access instruction exists in the table (step 301). An identifier agreeing with User A is in the user name
item of the first record of drawing 6. Next, it checks whether the access privilege item of that record
agrees with the access privilege required to execute the access instruction (step 302). Read, which agrees
with the access privilege required to execute the access instruction, is in the access privilege item of that
record. Then it checks whether the date and time of creation of the file to be accessed is contained in the
range of the attribute value of that record (step 303). October 10, 1992, the date and time of creation of
the file, is contained in the range "0:00:00 on January 1, 1992 to 0:00:00 on January 1, 1993" (step 303
"Y"). Therefore the access privilege judging section 16 judges that the user who issued the access
instruction does not have the access privilege (step 304). If even one of the conditions at steps 301 to 303
does not agree, it judges that the user who issued the access instruction has the access privilege (step
305).

[0041] The flow chart of drawing 9 is for explaining the fundamental flow of the judgment processing
and does not show the procedure of the actual judgment processing.

[0042] Access control by "CreateDateAndTime" as in the example of drawing 6 is convenient when
performing a control such as "files created in 1993 and afterwards hold the newest data and must not be
made public, so prevent anyone except specific people from reading them".
[0043] The table shown in drawing 7 takes as its attribute value the user name of the user who last
changed the file, and controls access by "LastModifiedBy", the attribute which stores the name of the last
modifier. The following contents are set in this table.

[0044] "Users other than User A do not have the Write right to files which User A modified last."

"Users other than User B do not have the Read right to files which User B modified last."

Access control by "LastModifiedBy" as in the example of drawing 7 is convenient when performing a
control such as "A is the person who finally checks the content of the file, so once A has checked and
changed the content, other people must not change it", or "B evaluates the content of the file and writes
confidential matters into it, so once B has checked and changed the content, other people must not see
this file".

[0045] The table shown in drawing 8 takes the title name of a file as the attribute value, and controls
access by "Title", the attribute which stores the title name. The following contents are set in this table.

[0046] "No user has any access privilege to a file whose title is "strictly confidential *" (* is an arbitrary
character string)."

"Users other than A do not have any access privilege to a file whose title is "*(Aonly)" (for example,
"engineering data (Aonly)")."

Access control by "Title" as in the example of drawing 8 is convenient when controlling access privileges
by the semantics of a file name. Moreover, the pathname used by the directory, such as /A/B/C or /A/B/D,
may also be used as the attribute value.

[0047] Also in the access control of drawing 7 or drawing 8, the procedure for judging whether the
attribute value attached to the file to be accessed and the user's access privilege are contained in the
information about file attribute values read from the access privilege management section 13 can be
realized with the flow chart of drawing 9.
[0048] Although attribute values attached to a file such as the date and time of creation, the
implementer and the title name are each used singly for the judgment of the access privilege in the
example above, such attribute values may also be used in combination with other attribute values.
Moreover, attribute values specific to a file can be added and also used for the judgment of the access
privilege.
[0049] 

[Effect of the Invention] As explained above, with the access privilege management equipment of this
invention, information about the attribute values of files set as the object of access control is held, and
the existence of an access privilege to a file is determined by whether the attribute value attached to the
file that is the object of a user's access instruction is contained in the held attribute value or range of
attribute values. It therefore becomes possible to manage the access privileges of a whole set of files
comprehensively by operating on attribute values attached to files, such as the date and time of creation,
the implementer and the title name.



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] The block diagram showing the functional configuration of the file management system
[Drawing 2] Drawing showing the fundamental configuration of the table managed by the access
privilege management section

[Drawing 3] Drawing showing the hardware configuration of a computer system
[Drawing 4] The flow chart which shows the flow of processing of the file management system
[Drawing 5] The flow chart which shows the flow of processing of the access privilege management
equipment

[Drawing 6] Drawing showing an example of the table which makes the date and time of creation the
attribute value

[Drawing 7] Drawing showing an example of the table which makes the implementer the attribute value
[Drawing 8] Drawing showing an example of the table which makes the title name the attribute value
[Drawing 9] The flow chart which shows the flow of processing of the access privilege judging section
[Drawing 10] Drawing showing the relation between access privileges and candidate users
[Description of Notations]

1 - File management system, 10 - Access privilege management equipment, 11 - File system,
12 - Access instruction receipt section, 13 - Access privilege management section,
14 - Access privilege investigation section, 15 - Attribute reading section,
16 - Access privilege judging section
[Drawing 9]